NVD disclosure day

Published threat advisories for January 29, 2026

CVE advisory: Known Exploit

CVE-2026-1340

Ivanti Endpoint Manager Mobile Code Injection Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A code injection vulnerability in Ivanti Endpoint Manager Mobile allows unauthenticated remote code execution, posing a significant business risk. This could lead to unauthorized access, data compromise, and operational disruption for affected organizations.

• CISA KEV

CVE advisory: CRITICAL

CVE-2025-7714

Global Interactive Design Media Software Inc. CMS SQL Injection Allows Command Line Execution.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A SQL injection vulnerability in Global Interactive Design Media Software Inc. Content Management System can lead to command-line execution. This issue affects the CMS through July 21, 2025. An unauthenticated attacker could exploit this via the network to execute arbitrary commands.

CVE advisory: CRITICAL

CVE-2025-7013

QR Menu Pro Menu Panel Authorization Bypass Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An authorization bypass vulnerability in QR Menu Pro's Menu Panel allows unauthorized access by exploiting trusted identifiers. This could lead to unauthorized viewing or modification of menu data. The vendor has not responded to inquiries regarding this issue.

CVE advisory: CRITICAL

CVE-2025-7016

Akınsoft QR Menu Improper Access Control Authentication Abuse

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

An improper access control vulnerability in Akın Software's QR Menu allows authentication abuse, potentially granting unauthenticated remote attackers unauthorized access and modification capabilities. This impacts systems prior to a specific version and is concerning because QR menu systems are often publicly accessib

CVE advisory: CRITICAL

CVE-2025-7015

Akınsoft QR Menu Session Fixation Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A session fixation vulnerability in Akın Software's QR Menu allows an attacker to hijack user sessions if the application is network-accessible. This could lead to unauthorized access to session data and potential account takeover. This issue affects QR Menu versions prior to s1.05.12.